Clearing console TTY lines with an EEM script.

Running a console server is required if you have more than a few devices in your lab. Getting everyone to log out in a shared lab environment is a losing battle. Heck, I can’t even do that in my own lab. It can be quite painful to have to keeping clearing TTY lines.

Have no fear! EEM to the rescue. The following script is written for manual execution but can, of course, be adapted to be run on a schedule. Watchdog timer is probably easiest but EEM supports CRON too.

One word of caution: you may need to get more recent code to support the full EEM functionality. I am using a 2651XM router and needed to upgrade to 12.4 Enterprise Base from like 12.2 code. This box does not have the flash or DRAM to run Advanced Enterprise Services. (And why would I? It a console server!)


!
event manager applet 1
event none
action 1.0 cli command "enable"
action 1.1 cli command "clear line 33" pattern "confirm"
action 1.2 cli command "y"
action 1.3 cli command "clear line 34" pattern "confirm"
action 1.4 cli command "y"
action 1.5 cli command "clear line 35" pattern "confirm"
action 1.6 cli command "y"
action 1.7 cli command "clear line 36" pattern "confirm"
action 1.8 cli command "y"
action 1.9 cli command "clear line 37" pattern "confirm"
action 2.0 cli command "y"
action 2.1 cli command "clear line 38" pattern "confirm"
action 2.2 cli command "y"
action 2.3 cli command "clear line 39" pattern "confirm"
action 2.4 cli command "y"
action 2.5 cli command "clear line 40" pattern "confirm"
action 2.6 cli command "y"
action 2.7 cli command "clear line 41" pattern "confirm"
action 2.8 cli command "y"
action 2.9 cli command "clear line 42" pattern "confirm"
action 3.0 cli command "y"
action 3.1 cli command "clear line 43" pattern "confirm"
action 3.2 cli command "y"
action 3.3 cli command "clear line 44" pattern "confirm"
action 3.4 cli command "y"
action 3.5 cli command "clear line 45" pattern "confirm"
action 3.6 cli command "y"
action 3.7 cli command "clear line 46" pattern "confirm"
action 3.8 cli command "y"
action 3.9 cli command "clear line 47" pattern "confirm"
action 4.0 cli command "y"
!

Screen Shot 2014-07-13 at 9.04.43 PM

Screen Shot 2014-07-13 at 9.05.02 PM

Posted in Certification, Projects

Schizophrenic BGP Communites

I was working on a lab scenario and got to thinking (yes dangerous in itself) about what would happen if well known BGP communities are appended to a prefix that have contradictory rules. Which would take precedent? As a review the four* well known BGP communities are as follows:

Internet – Advertise anywhere.
No-Export – Do not send to adjacent AS.
No-Advertise – Do not sent to any peer.
Local-AS – Do not sent outside local AS; Only used in Confederation scenarios.

So what if a prefix contains both the Internet and No-Export communities? This would obviously be a misconfiguration but I wanted to see how it would be interpreted by the BGP table on the local router.

Topology:

Screen Shot 2014-04-02 at 11.09.17 AM

Config:


!
route-map SET-COMM permit 10
set community internet no-export no-advertise local-AS
!
!
router bgp 100
bgp log-neighbor-changes
neighbor 12.0.0.2 remote-as 200
!
address-family ipv4
neighbor 12.0.0.2 activate
neighbor 12.0.0.2 send-community both
neighbor 12.0.0.2 route-map SET-COMM out
no auto-summary
no synchronization
network 1.1.1.0 mask 255.255.255.0
exit-address-family
!

Results? From R2:

Screen Shot 2014-04-02 at 11.26.54 AM

Conclusion: when multiple well known communities are used, BGP picks the most restrictive community as the tie breaker. Interestingly RFC 1997 does not specify what should be done in the case where a prefix belongs to multiple communities that have contradictory handling. I assume this behavior is Cisco proprietary.

*It is worth mentioning that these actually are not the only well known BGP communities but they seem to be the most commonly discussed. https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml

Posted in Routing

Cisco acquires Cracker Barrel, jumps head first into DaaS.

To the great surprise of many in the industry Cisco announced Tuesday their intent to acquire Cracker Barrel Old Country Store, Inc. (known less formally as “Cracker Barrel”) for $410 Million USD cash. The Lebanon, Tennessee based company began business in 1969 and operates over 600 stores nationally. Their operating income for 2012 was $190 million USD. This purchase clearly shows that Cisco has thrown down the gauntlet and ready to add Dinner-as-a-Service (DaaS) to their portfolio.

While discussing the purchase on a conference call early Tuesday morning Cisco CEO John Chambers explained the rationale and timing for such a purchase. “We believe this move is right for Cisco. The Dinner As a Service market is one of the oldest industries and we want to be leaders in the space by innovating. Anybody can do SDN. Not everybody can do SDN and pancakes. We feel this will complement our entire product line.”

News of the purchase was met with mixed feelings on Wall Street. Analysts are concerned that Cisco is biting off more than it can chew. “There are many DaaS players out there already and Cisco is a little late to the game,” says Avril Phul a senior director with Four One Capital Consulting. “Basically you have a slow growth industry and a customer base that does not have much tolerance for change. You can’t go in and change up a bunch of things on the menu and expect people to keep coming. For Cisco to do this right, and I believe they can, they need to understand what not to do.”

Chambers went on to explain that they plan to integrate marketing pieces with Cracker Barrels existing branding. For example placing vintage routing equipment on the wall with their existing antique collection.

Full detail of the interview can be read here.

Posted in Industry Trends, Uncategorized

CCNP lab-on-stick with VRF-lite.

Done with studying for the day and about to call it a night.

I have a 2811 router here in my office that I was practicing some OSPF and ZFW commands on. I got to thinking: imagine if you were stuck on a desert island and only had one router with a single cross over cable. Could you use this to study for a CCNA or CCNP? (I know what you are thinking: If one were stuck on remote island why would you care about certification?)

Well here is what I am thinking:

*Single crossover cable from Fa0/0 to Fa 0/1 so the router is self-loopbacked.
*Create sub-interfaces and place them in a unique VLAN per-router pair.
*Create VRF’s and place each “router” in its own VRF. (aka VRF-lite)

Once the logical addressing is complete, theoretically any VRF-aware routing protocol could be use to string it all together and give it the appearance of a large (lab wise) topology.

For example here is the physical topology:

Screen Shot 2014-03-22 at 1.12.22 AM

And here would be the logical topology:

Screen Shot 2014-03-22 at 1.09.55 AM

Each VRF pair is placed on the same VLAN to emulate the logical topology. Here is a sample of what R1 – R2 link would look like:

Screen Shot 2014-03-22 at 1.16.58 AM

After about 30 minutes of config & whiteboard it turns out this works exactly as expected. When common tools such as traceroute are used it looks like a network with 8 “routers”:


R0#traceroute vrf R1 ip 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

1 12.0.0.2 0 msec 0 msec 0 msec
2 23.0.0.2 4 msec 0 msec 0 msec
3 34.0.0.3 0 msec 0 msec 4 msec
4 45.0.0.5 0 msec 0 msec 4 msec
5 56.0.0.6 0 msec 0 msec 4 msec
6 67.0.0.7 0 msec 0 msec 4 msec
7 78.0.0.8 0 msec 0 msec 0 msec
R0#

In reality we have just one router:


R0#sho cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
R0 Fas 0/0 173 R S I 2811 Fas 0/1
R0 Fas 0/1 173 R S I 2811 Fas 0/0

I used EIGRP but theoretically OSPF, RIPv2 or IS-IS could be used. The drawback with OSPF is that it is not VRF-aware so you would need to use separate process ID which, I imagine, could get clunky on a low-end router.


R0#show ip eigrp vrf R2 neighbors
IP-EIGRP neighbors for process 18
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 12.0.0.1 Fa0/1.12 14 00:36:52 655 3930 0 7
0 23.0.0.2 Fa0/0.23 11 00:36:55 5 200 0 13
R0#

Router#show ip eigrp vrf R2 topology
IP-EIGRP Topology Table for AS(18)/ID(23.0.0.3) Routing Table: R2
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 1.1.1.1/32, 1 successors, FD is 156160
via 12.0.0.1 (156160/128256), FastEthernet0/1.12
P 8.8.8.0/24, 1 successors, FD is 168960
via 23.0.0.2 (168960/166400), FastEthernet0/0.23
P 12.0.0.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/1.12
P 23.0.0.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/0.23
P 34.0.0.0/24, 1 successors, FD is 30720
via 23.0.0.2 (30720/28160), FastEthernet0/0.23
P 45.0.0.0/24, 1 successors, FD is 33280
via 23.0.0.2 (33280/30720), FastEthernet0/0.23
P 56.0.0.0/24, 1 successors, FD is 35840
via 23.0.0.2 (35840/33280), FastEthernet0/0.23
P 67.0.0.0/24, 1 successors, FD is 38400
via 23.0.0.2 (38400/35840), FastEthernet0/0.23
P 78.0.0.0/24, 1 successors, FD is 40960
via 23.0.0.2 (40960/38400), FastEthernet0/0.23

Hostess-Twinkies-box

Posted in Certification, Projects, Routing

Huge pitfall when calling route-map.

Pittfall

File this under huge pitfall.  Every now and then I run into this and get a good laugh at myself for committing this error.  Take note of the following route-map:

!
route-map EIGRP2OSPF permit 10
match ip address NET-112.12.25.0/24
set metric 95
set metric-type type-1
!
route-map EIGRP2OSPF permit 20
match ip address NET-ANY
set metric 90
set metric-type type-2
!
!The route-map is called in the redistribution:
router ospf 1
redistribute eigrp 100 subnets route-map EIGRP2OSPF
!

Simple right? In case you did not notice, there is a critical flaw here and it is easy to make especially if you don’t work with route-maps everyday.

The problem is here:

match ip address NET-ANY

This is actually the incorrect syntax to call a prefix-list, and instead, is calling an ACL named “NET-ANY.” The net result is that nothing will actually be matched. (or worse if matches the wrong network assuming you have an ACL named “NET-ANY”) It would really stink to make this mistake in the CCIE lab. To paraphrase Anthony Sequeira, the CCIE lab is a horrible place to learn something.


!
route-map EIGRP2OSPF permit 10
match ip address prefix-list NET-112.12.25.0/24
set metric 95
set metric-type type-1
!
route-map EIGRP2OSPF permit 20
match ip address prefix-list NET-ANY
set metric 90
set metric-type type-2
!
!The route-map is called in the redistribution:
router ospf 1
redistribute eigrp 100 subnets route-map EIGRP2OSPF
!

Posted in Certification, Projects, Routing

Snooping around with IGMP Snooping.

Posted in Switching

Sham(wow)-Link Dude.

Screen Shot 2013-10-28 at 7.31.10 PM

 

 

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-sham-link.html

Posted in Routing
Charles Stizza

Enter your email address to follow this blog and receive notifications of new posts by email.

July 2017
M T W T F S S
« Oct    
 12
3456789
10111213141516
17181920212223
24252627282930
31  
  • RFC 8196: IS-IS Autoconfiguration July 20, 2017
    Finally a group of engineers figured out it’s a good idea to make things less complex instead of heaping layers of complexity on top of already-complex kludges.RFC 8196 specifies default values and extensions to IS-IS that make it a true plug-and-play routing protocol. I wonder when we’ll see it implemented now that everyone is obsessed with intent-based hyp […]
    Ivan Pepelnjak